1. Home
  2. CVE Database
  3. CVE-2013-3385
HIGH · 7.8

CVE-2013-3385

The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices b...

Vulnerability Description

The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoIronport Asyncos<= 7.1.3
CiscoContent Security Management-
CiscoWeb Security Appliance-
CiscoEmail Security Appliance Firmware-

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2013-3385?

CVE-2013-3385 is a vulnerability with a CVSS score of 7.8 (HIGH). The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices b...

How severe is CVE-2013-3385?

CVE-2013-3385 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3385?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ironport Asyncos, Cisco Content Security Management, Cisco Web Security Appliance, Cisco Email Security Appliance Firmware.